CVEs-PoC/2021/CVE-2021-23879.md

### [CVE-2021-23879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23879)
![](https://img.shields.io/static/v1?label=Product&message=Endpoint%20Product%20Removal%20Tool&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=21.x%3C%2021.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-428%3A%20Unquoted%20Search%20Path%20or%20Element&color=brighgreen)

### Description

Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.

### POC

#### Reference
- https://kc.mcafee.com/corporate/index?page=content&id=SB10351

#### Github
No PoCs found on GitHub currently.